Achieving Keyless CDNs with Conclaves

Stephen Herwig, Christina Garman, Dave Levin


  1. Achieving Keyless CDNs with Conclaves. Stephen Herwig, Christina Garman, Dave Levin

  2. [Diagram labels: User, Bank]

  3. Content Delivery Networks host their customers’ websites. [Diagram labels: customer’s origin server]

  4. Content Delivery Networks host their customers’ websites. [Diagram labels: CDNs, CDN’s edge server, customer’s origin server]

  5-6. CDNs reduce page load times. [Diagram labels: CDNs, CDN’s edge server, customer’s origin server]

  7-8. CDNs mitigate and block attacks. [Diagram labels: CDNs, CDN’s edge server, customer’s origin server]

  9. Customers share their keys with CDNs. [Diagram labels: CDN’s edge server]

  10. Customers share their keys with CDNs. [Diagram labels: CDN’s edge server, bank’s private key]

  11. Key sharing is widespread. Cangialosi et al., CCS 2016

  12. Key sharing is widespread: 43% of the top 10k most popular websites. [Figure: fraction of domains hosted on third-party providers vs. Alexa site rank (bins of 10,000); series: at least one key shared, all keys shared.] Cangialosi et al., CCS 2016

  13. Key sharing is widespread: 43% of the top 10k most popular websites. [Figure: fraction of domains hosted on third-party providers vs. Alexa site rank (bins of 10,000); series: at least one key shared, all keys shared.] Cangialosi et al., CCS 2016. The web has consolidated keys in the hands of a few CDNs.

  14. Keyless SSL. Introduced by Cloudflare to mitigate key sharing.

  15. Keyless SSL. Introduced by Cloudflare to mitigate key sharing. Private keys stay at the key server (origin).

  16-21. Keyless SSL. Introduced by Cloudflare to mitigate key sharing. Private keys stay at the key server (origin). Key server performs actions requiring private key.

  22. Keyless SSL. Introduced by Cloudflare to mitigate key sharing. Private keys stay at the key server (origin). Key server performs actions requiring private key. The CDN learns all session keys.

  23. Keyless SSL. Introduced by Cloudflare to mitigate key sharing. In practice: CDN. Private keys stay at the key server (origin). Key server performs actions requiring private key. The CDN learns all session keys.

  24. Can we maintain privacy using legacy applications on third-party resources?

  25. Maintain privacy: the CDN is no more trusted than a standard on-path attacker. Legacy applications. Third-party resources.

  26. Maintain privacy: the CDN is no more trusted than a standard on-path attacker. Legacy applications: no changes to existing code-bases; facilitates deployment and adoption. Third-party resources.

  27-28. Maintain privacy: the CDN is no more trusted than a standard on-path attacker. Legacy applications: no changes to existing code-bases; facilitates deployment and adoption. Third-party resources: leverage the existing infrastructure. One additional assumption: TEEs.

  29. Phoenix. Maintain privacy: the CDN is no more trusted than a standard on-path attacker. Legacy applications: no changes to existing code-bases; facilitates deployment and adoption. Third-party resources: leverage the existing infrastructure. One additional assumption: TEEs.

  30. Trusted execution environments. By default, assume all system components are untrusted. [Diagram labels: Application, Code, Operating System, Service, Hardware]

  31. Trusted execution environments. By default, assume all system components are untrusted. Hardware: small trusted CPU, resistant to physical attacks. [Diagram labels: Application, Code, Operating System, Service, Hardware]

  32. Trusted execution environments. By default, assume all system components are untrusted. Enclave: isolated application memory. Hardware: small trusted CPU, resistant to physical attacks. [Diagram labels: Application, Enclave, Code, Operating System, Service, Hardware]

  33. Trusted execution environments. By default, assume all system components are untrusted. Enclave: isolated application memory. Hardware: small trusted CPU, resistant to physical attacks. Model: code and data can safely reside inside an enclave. [Diagram labels: Application, Enclave, Code, Operating System, Service, Hardware]

  34. Practical limitations of TEEs. Applications inside enclaves cannot make syscalls. [Diagram labels: Application, Enclave, Code, Syscalls, Operating System, Service, Untrusted, Hardware]

  35. libOSes. Idea: implement a small “OS” inside the enclave. [Diagram labels: Enclave, Operating System, Service, Hardware]

  36. libOSes. Idea: implement a small “OS” inside the enclave. [Diagram labels: Enclave, Application, Code, libOS, Service, Operating System, Service, Hardware]

  37. libOSes. Idea: implement a small “OS” inside the enclave. [Diagram labels: Enclave, Application, Code, "Syscalls", libOS, Service, Operating System, Service, Hardware]

  38. libOSes. Idea: implement a small “OS” inside the enclave. Service locally when possible. [Diagram labels: Enclave, Application, Code, "Syscalls", libOS, Service, Operating System, Service, Hardware]

  39. libOSes. Idea: implement a small “OS” inside the enclave. Service locally when possible. [Diagram labels: Enclave, Application, Code, "Syscalls", libOS, Service, Syscalls, Operating System, Service, Hardware]

  40. Graphene-SGX. A libOS for Intel SGX that supports some services. Tsai et al., ATC 2017

  41. Graphene-SGX. A libOS for Intel SGX that supports some services. Graphene’s supported services: fork; exec; pipes, signals, semaphores. Tsai et al., ATC 2017

  42. Graphene-SGX. A libOS for Intel SGX that supports some services. Graphene’s supported services: fork; exec; pipes, signals, semaphores. What constitutes a CDN? Web server (multiple tenants); Cache (needs disk); Web Application Firewall (needs plaintext); Key Server (needs safe storage).

  43. Graphene-SGX. A libOS for Intel SGX that supports some services. Graphene’s supported services: fork; exec; pipes, signals, semaphores. Also critical to a CDN: reading & writing files; shared memory; access to private keys. What constitutes a CDN? Web server (multiple tenants); Cache (needs disk); Web Application Firewall (needs plaintext); Key Server (needs safe storage).

  44. Phoenix: the first truly keyless CDN. Conclaves: containers of enclaves. Graphene’s supported services: fork; exec; pipes, signals, semaphores. What constitutes a CDN? Web server (multiple tenants); Cache (needs disk); Web Application Firewall (needs plaintext); Key Server (needs safe storage).

  45. Phoenix: the first truly keyless CDN. Conclaves: containers of enclaves. Graphene’s supported services: fork; exec; pipes, signals, semaphores. Also critical to a CDN: reading & writing files; shared memory; access to private keys. What constitutes a CDN? Web server (multiple tenants); Cache (needs disk); Web Application Firewall (needs plaintext); Key Server (needs safe storage).

  46. Phoenix: the first truly keyless CDN. Conclaves: containers of enclaves. Insight: treat enclaves like a distributed system. Implement services using kernel servers. [Diagram labels: Enclave (×4), Web server (×3), Cache (×3), Web Application Firewall (×3), Key Server]

  47. Phoenix: the first truly keyless CDN. Conclaves: containers of enclaves. Enclaves mutually authenticate via attested TLS (Knauth et al., 2018). Insight: treat enclaves like a distributed system. Implement services using kernel servers. [Diagram labels: Enclave (×4), Web server (×3), Cache (×3), Web Application Firewall (×3), Key Server, TLS]

  48. Phoenix: the first truly keyless CDN. Conclaves: containers of enclaves. Enclaves mutually authenticate via attested TLS (Knauth et al., 2018). Insight: treat enclaves like a distributed system. Implement services using kernel servers. [Diagram labels: Enclave (×4), Web server (×3), Cache (×3), Web Application Firewall (×3), Key Server, TLS, Private key operation]
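
The Keyless SSL slides (14-23) say the key server performs the private-key action while the CDN still learns every session key. The following toy model of that split is an added example, not code from the talk, Cloudflare or Phoenix: it is not TLS, and `KeyServer`, `Edge`, `client_connect` and the tiny textbook RSA and Diffie-Hellman parameters are assumptions made for illustration.

```python
import hashlib, secrets

# Toy parameters constructed for this example; far too small for real use.
RSA_P, RSA_Q, RSA_E = 2**31 - 1, 2**61 - 1, 65537   # two Mersenne primes
DH_P, DH_G = 2**127 - 1, 3                           # Mersenne prime modulus

def digest(msg: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def encode(client_pub: int, server_pub: int) -> bytes:
    return f"{client_pub}|{server_pub}".encode()

def kdf(shared: int) -> bytes:
    return hashlib.sha256(str(shared).encode()).digest()

def verify(public, msg: bytes, sig: int) -> bool:
    n, e = public
    return pow(sig, e, n) == digest(msg, n)

class KeyServer:
    """Runs at the customer's origin; the only holder of the private exponent."""
    def __init__(self):
        self._d = pow(RSA_E, -1, (RSA_P - 1) * (RSA_Q - 1))
        self.public = (RSA_P * RSA_Q, RSA_E)   # what the certificate carries
    def sign(self, msg: bytes) -> int:
        n, _ = self.public
        return pow(digest(msg, n), self._d, n)

class Edge:
    """CDN edge server: terminates the connection, stores no private key."""
    def __init__(self, key_server: KeyServer):
        self.key_server = key_server           # a network call in a deployment
        self.session_key = None
    def handshake(self, client_pub: int):
        x = secrets.randbelow(DH_P - 2) + 1
        server_pub = pow(DH_G, x, DH_P)
        # The one step that needs the private key is delegated to the origin.
        sig = self.key_server.sign(encode(client_pub, server_pub))
        # The key exchange itself still ends at the edge, so it learns the key.
        self.session_key = kdf(pow(client_pub, x, DH_P))
        return server_pub, sig

def client_connect(edge: Edge, public) -> bytes:
    y = secrets.randbelow(DH_P - 2) + 1
    client_pub = pow(DH_G, y, DH_P)
    server_pub, sig = edge.handshake(client_pub)
    if not verify(public, encode(client_pub, server_pub), sig):
        raise ValueError("signature does not match the certificate key")
    return kdf(pow(server_pub, y, DH_P))
```

The client's key equals `edge.session_key` even though the edge never stores the private exponent, which is the gap the later slides address by moving the edge's components into enclaves.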
